Server 2019 BSOD - Terminal Server

April 10, 2020, 2:38 am

≫ Next: RD Gateway SSO IWA over NTLM from remote outside the internal network possible out of the box?

≪ Previous: Policy Module for company Microsoft Corporation product C50 has denied new license request

Hi, we have a terminal server based on Server 2019 that consists of 10 RD Hosts.We have 300 users. Some users use remoteapp.

We got a blue screen in some of the hosts. There are no extra drivers etc. on the hosts other than printer drivers. Printer drivers have been previously tested on different servers. Memory Dump is listed below. How can we interpret this output?

*    *
* Bugcheck Analysis *
*    *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff888d8dc2e080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

Page 2001e206a too large to be in the dump file.
Page 2001d3369 too large to be in the dump file.

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER: Microsoft Corporation

VIRTUAL_MACHINE: HyperV

SYSTEM_PRODUCT_NAME: Virtual Machine

SYSTEM_SKU: None

SYSTEM_VERSION: Hyper-V UEFI Release v1.0

BIOS_VENDOR: Microsoft Corporation

BIOS_VERSION: Hyper-V UEFI Release v1.0

BIOS_DATE: 11/26/2012

BASEBOARD_MANUFACTURER: Microsoft Corporation

BASEBOARD_PRODUCT: Virtual Machine

BASEBOARD_VERSION: Hyper-V UEFI Release v1.0

DUMP_TYPE: 1

BUGCHECK_P1: ffff888d8dc2e080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME: csrss.exe

CRITICAL_PROCESS: csrss.exe

EXCEPTION_CODE: (HRESULT) 0x8da82080 (2376605824) - <Unable to get error code text>

ERROR_CODE: (NTSTATUS) 0x8da82080 - <Unable to get error code text>

CPU_COUNT: 8

CPU_MHZ: 95a

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 55

CPU_STEPPING: 4

CPU_MICROCODE: 6,55,4,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXPNP: 1 (!blackboxpnp)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xEF

CURRENT_IRQL: 0

ANALYSIS_SESSION_TIME: 04-10-2020 12:32:30.0140

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

EXCEPTION_RECORD: 000000d8d1b3df30 -- (.exr 0xd8d1b3df30)
ExceptionAddress: 00000226f7fab5c0
ExceptionCode: 00000000
ExceptionFlags: 00000000
NumberParameters: -776798208
Parameter[0]: 0000000000000000
Parameter[1]: 0000022600000000
Parameter[2]: 0000000000000000
Parameter[3]: 0000000000000000
Parameter[4]: 0000022600010000
Parameter[5]: 00000226fc6f0000
Parameter[6]: 00000226f7fa0100
Parameter[7]: 00000226fc06fb18
Parameter[8]: 000000d8d1b3e040
Parameter[9]: 000000d8d1b3de10
Parameter[10]: 00000226f7fab5c0
Parameter[11]: 0000004400000000
Parameter[12]: 00000226f7fab5c0
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000

CONTEXT: 00007ffc74278ca5 -- (.cxr 0x7ffc74278ca5)
rax=441f0f000b720615 rbx=e0814150247c8948 rcx=0fed8548f08b0000
rdx=c38b44000000c284 rsi=cb8b00000090840f rdi=e18108e9c1c3b70f
rip=0b5c6a15ff482024 rsp=ffffffbf007f0000 rbp=00660000f88141ff
r8=f981c80b00ff0000 r9=8b48217200010000 r10=d1b70f000b5cae05
r11=8b108b4852048d4c r12=4cb60f4610e8c1c1 r13=0f0375c83b440dc2
r14=0b5c82058b48c9b7 r15=548d486a73083b00
iopl=1 ov dn di pl zr na pe cy
cs=4930 ss=5e41 ds=7b8b es=4938 fs=e38b gs=5f41 efl=ccc35c41
4930:2024 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 0000000000000000 to 0b5c6a15ff482024

BAD_STACK_POINTER: ffffffbf007f0000

STACK_TEXT:
fffff184`02187c78 fffff802`1ec9fc8d : 00000000`000000ef ffff888d`8dc2e080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff184`02187c80 fffff802`1ebdcf07 : 00000000`00000000 ffff888d`8dc2e080 00000000`00000000 fffff802`1e5426e4 : nt!PspCatchCriticalBreak+0xfd
fffff184`02187d20 fffff802`1ea9780c : ffff888d`00000000 00000000`00000000 ffff888d`8dc2e080 ffff888d`8dc2e358 : nt!PspTerminateAllThreads+0x146873
fffff184`02187d90 fffff802`1ea99349 : ffffffff`ffffffff fffff184`02187ec0 ffff888d`8dc2e080 000000d8`d1b3d901 : nt!PspTerminateProcess+0xe0
fffff184`02187dd0 fffff802`1e5d8305 : ffff888d`000020ec ffff888d`8da82080 ffff888d`8dc2e080 000000d8`d1b3d940 : nt!NtTerminateProcess+0xa9
fffff184`02187e40 00007ffc`77f5fce4 : 00007ffc`73e983a1 00000226`ffffffff 00000000`00000001 ffffffff`ee1e5d00 : nt!KiSystemServiceCopyEnd+0x25
000000d8`d1b3cfc8 00007ffc`73e983a1 : 00000226`ffffffff 00000000`00000001 ffffffff`ee1e5d00 00000000`0000046c : ntdll!NtTerminateProcess+0x14
000000d8`d1b3cfd0 00007ffc`77f91a68 : 00000226`f7f26640 00007ffc`73e98270 00000226`f7f26658 00007ffc`73cce9dd : CSRSRV!CsrUnhandledExceptionFilter+0x131
000000d8`d1b3d060 00007ffc`77f63400 : 00007ffc`77d17a08 00000000`00000000 00000000`00000000 00007ffc`77ec6a6f : ntdll!LdrpLogFatalUserCallbackException+0x98
000000d8`d1b3d1a0 00007ffc`77f6477f : 00007ffc`7802a000 00007ffc`77ec0000 0000ddc4`001ed000 000000d8`d1b3d750 : ntdll!KiUserCallbackDispatcherHandler+0x20
000000d8`d1b3d1e0 00007ffc`77ec4bef : 000000d8`d1b3d750 00000000`00000000 00007ffc`77d9d0e8 00007ffc`77cf0000 : ntdll!RtlpExecuteHandlerForException+0xf
000000d8`d1b3d210 00007ffc`77f634ee : 000000d8`d1b3df30 00007ffc`74278ca5 00000000`00000000 00007ffc`74263e72 : ntdll!RtlDispatchException+0x40f
000000d8`d1b3d940 00007ffc`77cf7cf6 : ffffffff`00000201 00000226`f7ef1580 0000000c`0000002d 00007ffc`77f06a03 : ntdll!KiUserExceptionDispatch+0x2e
000000d8`d1b3e730 00007ffc`77cf7c76 : 00000000`002e0000 00000000`0000002d 00000000`0000002d 00000001`0000002e : USER32!DefDlgProcWorker+0x66
000000d8`d1b3e7f0 00007ffc`77cfca66 : 00000000`00000000 00000000`00000000 00000000`0000000c 00007ffc`77ed01fe : USER32!DefDlgProcW+0x36
000000d8`d1b3e830 00007ffc`77cfc78c : 00000000`00000008 00007ffc`77f5f4f0 00000000`001301d6 00000000`80000000 : USER32!UserCallWinProcCheckWow+0x266
000000d8`d1b3e9b0 00007ffc`77d17a08 : 000000d8`d1b3eac8 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!DispatchClientMessage+0x9c
000000d8`d1b3ea10 00007ffc`77f63494 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!_fnNCDESTROY+0x38
000000d8`d1b3ea70 00007ffc`74c41f24 : 00007ffc`77d015df 00000000`00008002 00000000`00000000 00000000`00000000 : ntdll!KiUserCallbackDispatcherContinue
000000d8`d1b3eaf8 00007ffc`77d015df : 00000000`00008002 00000000`00000000 00000000`00000000 000000d8`d1b3ebc8 : win32u!NtUserCreateWindowEx+0x14
000000d8`d1b3eb00 00007ffc`77cff642 : 00000000`000002fc 000000d8`00000001 00000000`00010101 00000000`00010101 : USER32!VerNtUserCreateWindowEx+0x20f
000000d8`d1b3ee90 00007ffc`77d1f19a : 0000439d`851d0a0e ffffffff`0000004b 00000000`00000000 00000000`00000002 : USER32!InternalCreateDialog+0x612
000000d8`d1b3f070 00007ffc`77d63836 : 00000000`00000000 000000d8`d1b3f1d0 000000d8`d1b3f3f0 00000226`f7fb07a0 : USER32!InternalDialogBox+0x106
000000d8`d1b3f0d0 00007ffc`77d62275 : 00000000`00000000 00000000`00000095 00000000`000002f8 00000000`00000032 : USER32!SoftModalMessageBox+0x7e6
000000d8`d1b3f220 00007ffc`77d62fb2 : 00000000`00000000 00000000`00000010 00000000`0000000e 00000000`00000800 : USER32!MessageBoxWorker+0x319
000000d8`d1b3f3d0 00007ffc`73e39726 : 00000000`00000001 00007ffc`73e4a9e0 00007113`625f8fb2 00000000`00000002 : USER32!MessageBoxTimeoutW+0x192
000000d8`d1b3f4d0 00007ffc`73e39bfd : 00000000`00000000 00007ffc`73e4a9e0 00000000`00000000 00000000`00000000 : winsrvext!HardErrorHandler+0x32a
000000d8`d1b3f690 00007ffc`73e3a0ee : 00000226`f7f98f00 00000000`00000001 00000000`00000000 000000d8`d1b3f900 : winsrvext!ProcessHardErrorRequest+0xe9
000000d8`d1b3f700 00007ffc`73e9872d : 00000226`f7ef7db0 00007ffc`77f33a2e 00000000`00000000 000000d8`d1cc0000 : winsrvext!UserHardErrorEx+0x4be
000000d8`d1b3f7c0 00007ffc`73e97ec5 : 00000226`f7ef79f0 00000000`00000000 00000000`00000000 000000d8`d1cc0000 : CSRSRV!QueueHardError+0x1a5
000000d8`d1b3f800 00007ffc`77f2a27f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : CSRSRV!CsrApiRequestThread+0x2525
000000d8`d1b3fc90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2f

THREAD_SHA1_HASH_MOD_FUNC: 243502d633fd810f3a77e6153eeed955d23a59af

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2d5957ffba98cb17c4474657af1391290476cdba

THREAD_SHA1_HASH_MOD: 5255f96f63ab75cf0bb2e1adc18592ee682a40d7

FOLLOWUP_IP:
ntdll!NtTerminateProcess+14
00007ffc`77f5fce4 c3 ret

FAULT_INSTR_CODE: c32ecdc3

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: ntdll!NtTerminateProcess+14

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ntdll

IMAGE_NAME: ntdll.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 125ac1e8

IMAGE_VERSION: 10.0.17763.802

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 14

FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8da82080_STACKPTR_ERROR_ntdll!NtTerminateProcess

BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8da82080_STACKPTR_ERROR_ntdll!NtTerminateProcess

PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_8da82080_STACKPTR_ERROR_ntdll!NtTerminateProcess

TARGET_TIME: 2020-04-07T05:14:52.000Z

OSBUILD: 17763

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 131216

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 Server TerminalServer DataCenter

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 1996-08-06 18:11:50

BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: d97

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_bugcheck_critical_process_8da82080_stackptr_error_ntdll!ntterminateprocess

FAILURE_ID_HASH: {cb1f5d2d-babc-5182-2d49-32f9d8f0ee1e}

Followup: MachineOwner
---------

0: kd> kL
# Child-SP RetAddr Call Site
00 fffff184`02187c78 fffff802`1ec9fc8d nt!KeBugCheckEx
01 fffff184`02187c80 fffff802`1ebdcf07 nt!PspCatchCriticalBreak+0xfd
02 fffff184`02187d20 fffff802`1ea9780c nt!PspTerminateAllThreads+0x146873
03 fffff184`02187d90 fffff802`1ea99349 nt!PspTerminateProcess+0xe0
04 fffff184`02187dd0 fffff802`1e5d8305 nt!NtTerminateProcess+0xa9
05 fffff184`02187e40 00007ffc`77f5fce4 nt!KiSystemServiceCopyEnd+0x25
06 000000d8`d1b3cfc8 00007ffc`73e983a1 ntdll!NtTerminateProcess+0x14
07 000000d8`d1b3cfd0 00007ffc`77f91a68 CSRSRV!CsrUnhandledExceptionFilter+0x131
08 000000d8`d1b3d060 00007ffc`77f63400 ntdll!LdrpLogFatalUserCallbackException+0x98
09 000000d8`d1b3d1a0 00007ffc`77f6477f ntdll!KiUserCallbackDispatcherHandler+0x20
0a 000000d8`d1b3d1e0 00007ffc`77ec4bef ntdll!RtlpExecuteHandlerForException+0xf
0b 000000d8`d1b3d210 00007ffc`77f634ee ntdll!RtlDispatchException+0x40f
0c 000000d8`d1b3d940 00007ffc`77cf7cf6 ntdll!KiUserExceptionDispatch+0x2e
0d 000000d8`d1b3e730 00007ffc`77cf7c76 USER32!DefDlgProcWorker+0x66
0e 000000d8`d1b3e7f0 00007ffc`77cfca66 USER32!DefDlgProcW+0x36
0f 000000d8`d1b3e830 00007ffc`77cfc78c USER32!UserCallWinProcCheckWow+0x266
10 000000d8`d1b3e9b0 00007ffc`77d17a08 USER32!DispatchClientMessage+0x9c
11 000000d8`d1b3ea10 00007ffc`77f63494 USER32!_fnNCDESTROY+0x38
12 000000d8`d1b3ea70 00007ffc`74c41f24 ntdll!KiUserCallbackDispatcherContinue
13 000000d8`d1b3eaf8 00007ffc`77d015df win32u!NtUserCreateWindowEx+0x14
14 000000d8`d1b3eb00 00007ffc`77cff642 USER32!VerNtUserCreateWindowEx+0x20f
15 000000d8`d1b3ee90 00007ffc`77d1f19a USER32!InternalCreateDialog+0x612
16 000000d8`d1b3f070 00007ffc`77d63836 USER32!InternalDialogBox+0x106
17 000000d8`d1b3f0d0 00007ffc`77d62275 USER32!SoftModalMessageBox+0x7e6
18 000000d8`d1b3f220 00007ffc`77d62fb2 USER32!MessageBoxWorker+0x319
19 000000d8`d1b3f3d0 00007ffc`73e39726 USER32!MessageBoxTimeoutW+0x192
1a 000000d8`d1b3f4d0 00007ffc`73e39bfd winsrvext!HardErrorHandler+0x32a
1b 000000d8`d1b3f690 00007ffc`73e3a0ee winsrvext!ProcessHardErrorRequest+0xe9
1c 000000d8`d1b3f700 00007ffc`73e9872d winsrvext!UserHardErrorEx+0x4be
1d 000000d8`d1b3f7c0 00007ffc`73e97ec5 CSRSRV!QueueHardError+0x1a5
1e 000000d8`d1b3f800 00007ffc`77f2a27f CSRSRV!CsrApiRequestThread+0x2525
1f 000000d8`d1b3fc90 00000000`00000000 ntdll!RtlUserThreadStart+0x2f
0: kd> r
rax=ffff888d8da82080 rbx=ffff888d8dc2e003 rcx=00000000000000ef
rdx=ffff888d8dc2e080 rsi=ffff888d8dc2e080 rdi=ffff888d8dc2e080
rip=fffff8021e5c7050 rsp=fffff18402187c78 rbp=00000000c0000000
r8=0000000000000000 r9=0000000000000000 r10=7ffffffffffffffc
r11=fffff18402187e38 r12=00007ffc77f63401 r13=00000000c0000005
r14=0000000000000000 r15=00000000c0000005
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000246
nt!KeBugCheckEx:
fffff802`1e5c7050 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff184`02187c80=00000000000000ef

↧

RD Gateway SSO IWA over NTLM from remote outside the internal network possible out of the box?

April 9, 2020, 2:55 am

≫ Next: Remote Desktop Services License Server

≪ Previous: Server 2019 BSOD - Terminal Server

hello,

I am struggling at the moment with RD Gateway SSO IWA for RDS 2016/2019 from remote outside the local network and without vpn for the remote apps.

All the GPOs with delegation, trusted sites, RD Gateway authentication method (use locally logged on credentials) are set.

Inside the network or with vpn SSO IWA works fine for both, RD Web Access and remote apps resp. RD Gateway.
Outside only RD Web Access works without credentials prompt, but if a user clicks on a remote app he will be prompted with credentials dialog. (in the rdp client you will see the settings from the GPO with "Your Windows logon credentials will be used", so this is not the problem).

So the first question is if SSO IWA for RDS and RD Gateway is even supported from remote without a third party solution?

To get RD Web Access SSO to work from remote, I must move the windows authentication provider NTLM to the first position before Negotiation. So it seems that the client first tries to logon with Kerberos and don't fall back automatically to NTLM if Kerberos fails of course from outside the network.

I suppose this is also the problem for remote apps and RD Gateway, in fiddler you will see that after clicking on a remote app, the client will connect to the RD Gateway and will get an 401 access denied with the supported authentication providers. In this list the first one is Negotiate before NTLM.

So the client only tries to connect over Kerberos and after failing he will not automatically fall back to NTML and use the locally logged on credentials. Instead he prompted a credential dialog. After enter the credentials the connection is established with NTLM.

I wonder if it is possible that the client automatically fall back to NTLM and use the local logon credentials without prompting for it from remote???

In the GPO "Set RD Gateway authentication method" you can enforce clients to use NTLM but only in combination with "Ask for Credentials".

Best regards,
Marcus

↧

Remote Desktop Services License Server

April 20, 2020, 11:36 pm

≫ Next: disable ctrl+n on RDP

≪ Previous: RD Gateway SSO IWA over NTLM from remote outside the internal network possible out of the box?

I am looking for best practises when it comes to RDS License Servers in a greenfield environment.

If you build two I assume you put your full license count on both servers and they run as active/active? Or would you have one powered down and power on if required?

IF the RDS License server (configured for Per User licensing) went offline,is there a period where users will continute to log in or they can't until the License Server is back online?

↧

disable ctrl+n on RDP

March 29, 2020, 5:14 am

≫ Next: RDS 2019 after rename via Set-RDPPublishedName can't open published apps anymore

≪ Previous: Remote Desktop Services License Server

hello

i want to disable the option of Ctrl+n (new window) in remote desktop (terminal servers)

how do i do it ?

thanks!

Yan

↧

RDS 2019 after rename via Set-RDPPublishedName can't open published apps anymore

April 17, 2020, 7:44 am

≫ Next: RDS with Multifactor Authentication that works with Macs?

≪ Previous: disable ctrl+n on RDP

Hi,

we are running one RDS2019 server.

internal FQDN: rds2019.ourdomain.com

external FQDN: service.ourdomain.com

installed certificate: service.ourdomain.com

Gateway service is installed and connection broker is set to external FQDN.

Login to rdweb works fine. If you start any published app it shows up both servers on the RDP connection. So the connection drops due to the fact that on the certficate only the external name is published.

Now we've changed the internal FQDN via the script. Looks great. On the RDP both servers have the same name - but... Can't sign in anymore during the app start.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server

and

The program lsass.exe, with the assigned process ID 720, could not authenticate locally by using the target name TERMSRV/service.ourdomain.com. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.

Any suggestions?

↧

RDS with Multifactor Authentication that works with Macs?

April 16, 2020, 4:51 pm

≫ Next: RDS CALs per user only partially issued

≪ Previous: RDS 2019 after rename via Set-RDPPublishedName can't open published apps anymore

Hi,

My org currently uses RDS 2012 R2 and we use the "Microsoft Remote Desktop" application for a lot of users to be able to access our environment from Apple and android devices. Words come down that Multi-factor authentication is a priority going forward and I am currently configuring a RDS environment built on Server 2019 that uses the Azure Application Proxy for multi-factor pre-authentication...

But it appears to me that using this method the Microsoft Remote Desktop app doesn't work. It gets a "the remote resource feed is invalid" error when connecting, and the instructions I've found for configuring on-premise RDS integration with Azure say that it only supports Windows 7 and 10, unless using passthrough (which as I understand does not support Multi-Factor Authentication).

I did some quick reading on using NPS for MFA for RDS but I'm not finding much that would make me think it would work with the Mac OS/Android Microsoft Remote Desktop app.

Is there another method for Mac users to connect to RDS and get MFA? Do one of the methods above work with the Microsoft Remote Desktop app? What are other people using to get around this (do you just tell people no Macs allowed?)

Thanks!

↧

RDS CALs per user only partially issued

April 6, 2020, 6:40 am

≫ Next: Remote Desktop - License issue results in 60 minute session time limit

≪ Previous: RDS with Multifactor Authentication that works with Macs?

Hello,

We have a new Server 2016 Remote Desktop environment set up (1 broker + 2 TS's).
We installed 50 RDS CALs (per user).

At first none of the CALs were being issued, but the remote desktop connections work fine nonetheless (published apps).
License configuration + License Diagnostics say everything is OK.

So we removed the licenses, reinitialized the database, reinstalled the licenses, reactivated license server.
After that we noticed that about 10% of the connections made had a corresponding CAL issued.
I have no idea why some are issued and most are not. The users for whom the CAL was issued are spread across both TS's.
Eventviewer shows nothing out of the ordinary regarding RDS licensing. License config + diagnostics still say everything is OK.

It also turns out that the grace period is still active when we check through WMI : 110 days left (10 days past since reactivating the licenses).

Any ideas on where to look next ? Thank you.

↧

Remote Desktop - License issue results in 60 minute session time limit

April 16, 2020, 9:58 am

≫ Next: users unable to login to RDS (user profile service prohibits..)

≪ Previous: RDS CALs per user only partially issued

I have 2 machines:

A) Server 2019 Standard

B) Server 2016 Standard

I am not on a domain.

Server-A acts as a licensing server for both Server-A and Server-B

I installed the remote desktop licensing service on Server-A on 18-Mar-2020 and installed per-device CALs for 2012, 2016, and 2019. original install date for the machine running the licensing service is Feb-2019. It is activated and RD Diagnoser "did not identify any problems to report"

I was then able to connect with 10+ clients on either machine simultaneously.

Today, a few weeks later, connecting clients on Server-A (which hosts the licensing server) receive: "there is a problem with your remote desktop license and your session will be disconnected in 60 min"

This error does not appear when connecting to Server-B.

The RD Licensing Manager shows "issued" as 0 for both device and user CALs.

I verified that the local gp on either machine was configured (comp config > admin templates > rds > rd licensing > remote desktop session host > licensing >

1) use specified server is configured on both servers by IP address

2) remote desktop licensing mode is set to device

I rebuilt the licensing database and re-applied the per-device licenses with no effect.

tried deleting a MSLicensing registry key on both server and client with no effect.

there are certificate entries in:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM

...but I have not touched them

↧

users unable to login to RDS (user profile service prohibits..)

April 16, 2020, 5:05 am

≫ Next: PublishedApp

≪ Previous: Remote Desktop - License issue results in 60 minute session time limit

Hi,

Sometimes we have issues with users unable to login to the RDS collection. Researching this we came to the conclusion the problem is with corrupt profiles on the local RDS server. Sometimes people login with a temp profile, creating a profile folder with only appdata.

The way to fix this issue is cleaning the local profile from all RDS server in the collection and renaming the roaming profile from the fileservers.

Im looking for a script or tool that correctly cleans profiles from RDS servers and also cleans the registry in Profilelist and Profileguid. For now i only found scripts that does one thing and not everything that is needed to clean corrupt ones.

Thanks!

↧

PublishedApp

April 13, 2020, 10:42 am

≫ Next: Remote Desktop Connection Issues

≪ Previous: users unable to login to RDS (user profile service prohibits..)

Hi there

I am trying to publish an application to my RDS 2019 environment with special settings per user.

I am familiar into how to publish most of the apps but this one comes with a trick.

In the typical RDS desktop environment, each user has their won desktop that when launched, looks at the target command and pulls the property from the registry entry. Something like

users one has on desktop a shortcut that points to "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" in the target but we add /111.

So the shortcut in the Target is something like : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" /111

Each users will have that shortcut differently:

user 2 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" /112

user 3 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" /113

Question here, is:

How can I publish that shortcut to my users that log into the rds web interface.

Thanks

↧

Remote Desktop Connection Issues

April 8, 2020, 6:37 am

≫ Next: RDS Gateway - disable Default Web in IIS

≪ Previous: PublishedApp

Hopefully someone in here can assist with a somewhat weird Remote desktop connection I've been seeing. As of a few weeks ago, all employees are on work from home, however I have been getting emails from users who have been experiencing Remote Desktop Connection kicking them off, then when they try to get back in, they get an error about too many users being logged on. For now, I have been remotely rebooting the workstation they are remoting in to. It should be noted that we do not user the server side, we connect to our SSL VPN which puts us on our network, then open up Remote Desktop Connection to connect to our workstation in the office. Any ideas?

↧

RDS Gateway - disable Default Web in IIS

April 8, 2020, 5:56 am

≫ Next: was not authorized to connect to the RD Gateway server because a tunnel could not be created after installing MFA solution

≪ Previous: Remote Desktop Connection Issues

on a RDS GW -> can this page/web be disabled? if so, how?

IIS default web

Christian

↧

was not authorized to connect to the RD Gateway server because a tunnel could not be created after installing MFA solution

April 6, 2020, 7:05 pm

≫ Next: Remote Desktop licensing

≪ Previous: RDS Gateway - disable Default Web in IIS

We have built a new RDGateway\RDWeb server and initial testing was working successfully. We then installed our MFA Solution (SMS Passcode) and are now getting getting this error:

The user "userid", on client computer "ipaddress", was not authorized to connect to the RD Gateway server because a tunnel could not be created. The authentication method attempted: "Cookie" and connection protocol "HTTP". The following error occurred: "2147965432".

This is occuring on all browsers we have tested with (Edge-Chromium, Chrome, IE111) but if the user does an Empty cache and hard refresh in their browser, they are able to successfully authenticate and connect.

If we do an iisrest on the RDWeb server, users are able to successfully authenticate and connect for approx. 10 minutes before this starts occurring again.

We have totally rebuilt the server and installed all roles and have consultants double check the RDGateway\RDWeb setup to confirm those are installed correctly.

Has anyone seen this before or may now of a fix?

jkv

↧

Remote Desktop licensing

April 21, 2020, 1:31 am

≫ Next: Hyper-V VM running RDS - typing causes 1 character a second to appear

≪ Previous: was not authorized to connect to the RD Gateway server because a tunnel could not be created after installing MFA solution

Good day,

I need to get licensing to allow multiple users to connect to my local server simultaneously, i have tried contacting Microsoft support i had no luck can anyone assist if you have purchased a RDP license before, how do i go about doing that? Thank you.

Kind regards

Sibusiso

↧

Hyper-V VM running RDS - typing causes 1 character a second to appear

April 6, 2020, 4:32 pm

≫ Next: RD Broker does not reconnect to a disconnected session

≪ Previous: Remote Desktop licensing

I have a Hyper-V cluster running Server 2016 Datacenter version 1607

This cluster is running multiple VMs, including 6 RDS Host servers for users to access both internally and externally through RDGateway. Everything has been running fine since last Summer, but in the last could of days, one of the 6 RDS hosts has started to experience a typing lag. This lag occurs whether you connect via an RDP connection or even if you connect via a console session in Hyper-V Manager (without running an Enhanced session)

The lag only occurs after you log in - i.e. at the username/password field, typing appears instantly, but as soon as the users desktop appears, anything you type (notepad, word, etc, Start Menu-> Run), any typing appears on the screen very lowly, one character every (roughly) 1 second, no matter how fast you typed in. no characters are lost though.

This occurs whether you log on as a domain user or a local administrator.

All 6 RDS hosts are in the same OU and have the same GPOs applied.

No relevant changes have occurred, and no windows updates have been applied in the last month.

All other VMs and the host servers typing is normal. Only this one RDS Host.

Has anyone seen anything similar before?

Anyone got a fix?

Thanks

Ken Z

↧

RD Broker does not reconnect to a disconnected session

April 13, 2020, 3:18 am

≫ Next: Removing UPD's from Session Collection (2016)

≪ Previous: Hyper-V VM running RDS - typing causes 1 character a second to appear

Hello
We have a problem connecting users to disconnected sessions.

Test Farm Server 2019 with all lastest updates:

2 x RDGW and Web Access (nlb)

2 x RD Broker (nlb)

3 x RD Session Hosts

1 SQL Server 2008

User profile disks

GP:

Configure keep-alive connection interval 1m

Restrict Remote Desktop Services users to a single Remote Desktop Services session Enable

All internal and external users:

Connect session OK. Close session by cross on rdp client (not logoff)

After disconnecting the user and trying to reconnect, the Broker connects to another RDSH server.

Events:

RD Connection Broker received connection request for user .
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rds_coll
Initial Application = NULL
Call came from Redirector Server = rdcb02
Redirector is configured as Virtual machine redirector

RD Connection Broker successfully processed the connection request for user . Redirection info:
Target Name = RDSH01
Target IP Address = 172.30.3.10
Target Netbios = RDSH01
Target FQDN = rdsh01
Disconnected Session Found = 0x0

After 5 min

This connection request has timed out. User could not log on to the end point within the alloted time. Remote Desktop Connection Broker will stop monitoring this connection request.

Try to reconnect

RD Connection Broker successfully processed the connection request for user . Redirection info:
Target Name = RDSH02
Target IP Address = 172.30.3.11
Target Netbios = RDSH02
Target FQDN = rdsh02
Disconnected Session Found = 0x0 ??????

Why not Disconnected Session Found = 0x1, RD broker not found session.

All session records in the database

↧

Removing UPD's from Session Collection (2016)

April 16, 2020, 3:31 pm

≫ Next: RDS self signed certificate still has errors

≪ Previous: RD Broker does not reconnect to a disconnected session

Has anyone ever removed UPD's from a Terminal Services Session Collection (2016) before?

I've tested removing the setting in my dev environment and that new users don't get a UPD and existing users no longer mount theirs at login. Besides the obviously profile data now missing, are there any traps that are not obvious?

I have already enabled folder redirection so all users files and folders will remain (outside of appdata), I'm considering moving to FSLogix, anyone else moved from UPD to FSLogix?

https://docs.microsoft.com/en-us/fslogix/install-ht

Our reason is that our AV and security suite keep locking the UPD's after a user logs out and changing our suite is not possible at this point in time.

Thanks

Craig

↧

RDS self signed certificate still has errors

April 8, 2020, 3:49 pm

≫ Next: Unable to publish applications

≪ Previous: Removing UPD's from Session Collection (2016)

What is the point of creating a self signed certificate if you still get the "This site is not secure" error? I can still access the site after clicking the "Go on to the webpage (not recommended)" with or without the certificate.

Is there any way to get rid of the message on an offline local domain?

↧

Unable to publish applications

April 21, 2020, 8:55 am

≫ Next: How to stop close runing program when you log off

≪ Previous: RDS self signed certificate still has errors

When attempting to publish an application using server manager on our RDS Broker Server, we are receiving the follow error message "Could not create a published application instance on the server" in event viewer. We have not had this issue in the past, although the last time I published an app on this 2016 standard server is over a year. The existing published applications are running as expected. The default web site on the server has a valid wild card certificate installed. I attempted to publish the notes and wordpad applications, and received the same error.

I also tried using powershell and received a similar message:

Any assistance would be greatly appreciated.

↧

How to stop close runing program when you log off

April 21, 2020, 8:58 am

≫ Next: Desktop background and color

≪ Previous: Unable to publish applications

Hi i need an info, i use windows server 2011 Small business Essentials and i have a problem

when i log off close my program playout wich is playlist software and i,m forced to be loged in 24/7 so other users cannot be loged in when admin is loged so please how to set up to not close my program or exclude.

↧